Quick Links
How to use NEW Upload Key to sign app update and upload to Google Play store?
Member ✭✭✭
Hi,
Somehow I managed to save the wrong keystore for my Android app that I developed using Xamarin and already published.
When I wanted to upload an update to the Google Play Store with the keystore that I thought was the right keystore,
the SHA certificate did not match.
Luckily I was registered for Google Play App Signing so they were able to reset the Upload Key for me.
In order to reset the upload key I:
(dont know if i had to do this to generate new upload key) Generated a new archive and new keystore for the Android project in Xamarin and exported the APK to a folder. In that folder i ran the command lines in the next steps:
Generated a new upload key using the command line:
keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jksExported the certificate for that key to a *.pem file:
keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jksSent the *.pem to Google Play Developer Support.**
Now that I have a *.pem file and *.jks file, how do I create the new APK file for my Xamarin Android project, signed with the new upload key in Visual Studio?
Posts
Hello @Cdn_Euro ,
I have the same problem, i missed my keystore file and i want to update app in play store.
Any solution found.
@DeepakDY This is the solution:
After sending the *.pem file to Google Play Developer support in order to reset the Upload Key, they confirmed it was successfully reset (yay Google App Signing) but it takes a couple of days for it to be active.
When it becomes active follow these steps:
Go to Visual studio and archive the Android project from Build/Archive
In the Archives menu option, select the latest archive and click Open Folder. This opens a folder where an unsigned *.apk file resides. It needs to be signed manually (in step 4) with the *.jks keystore file mentioned above (keystore.jks).
First zipalign the unsigned archive (make sure to add C:\Program Files\Java\jre1.8.0_191\bin to PATH in User variables):
zipalign -v -p 4 my-app-unsigned.apk my-app-unsigned-aligned.apk
apksigner sign --ks keystore.jks --out my-app-release.apk my-app-unsigned-aligned.apk
hello @Cdn_Euro
i think you said about this ssl-cert-snakeoil.pem.
this is path of this file.
but how can send it in google play developer.
please help me.
@DeepakDY You literally just email it to Google Play support. Contact them first. There is a form, check out that website
General Information about keys etc:
https://support.google.com/googleplay/android-developer/answer/9061737?hl=en&ref_topic=15868&visit_id=636834463199127387-1167344014&rd=1#ts=3055205
The form you need to fill out, then after they will ask you for the *.pem cerificate:
https://support.google.com/googleplay/android-developer/contact/otherbugs
Let me know if you got it working, or if you have other questions.
Hello @Cdn_Euro ,
Thanks for reply and guide me.
i sent pem file to google paly support then i getted reply,
Hi,
Thanks for contacting Google Play Developer Support!
`Hi,
Thanks for contacting Google Play Developer Support!
Good news - I was able to register your new upload key. Make sure to update your keystores in the following locations:
The new key will be usable from: 2019-01-20 16:13:12 UTC.
Thanks for your patience during this process, and please let me know if you have any other questions.`
but i can't able to find new keystore file and where is.
@DeepakDY No worries, we are all here to help eachother. If I remember correctly when you created the *.pem file there was also a *.jks file created? That *.jks file IS your new upload key.
(this is from when I went through the same process as you)
Hello @Cdn_Euro
how can kwon my key is sign in or not
Hello @Cdn_Euro ,
Google reply me.
If you need further clarification then please let me know. I'm happy to help
@DeepakDY what is the question, i didnt understand that
hello @Cdn_Euro ,
Firstly i generated a new archive and new keystore for the Android project in Xamarin.
then i ran keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks for generate keystore.jks file(i thinks this is new upload key this file(keystore.jks generated in this path "C:\Program Files (x86)\Java\jdk1.8.0_192\bin")) when i am ran this command this ask me some information about new archive such as(alias, organization, organization unit, location, county code, password and repassword).
after i ran this command "keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks" for generate
*.pem file and its generated in this path "C:\Program Files (x86)\Java\jdk1.8.0_192\bin".
then i send *.pem file to google play support.
and google play reply this
Good news - I was able to register your new upload key. Make sure to update your keystores in the following locations:
Local machine
Locked on-site server (varying ACLs)
Cloud machine (varying ACLs)
Dedicated secrets management services
(git) repos
The new key will be usable from: 2019-01-20 16:13:12 UTC.
where i am wrong here.
@Cdn_Euro how can import new *.jks file for archive
@DeepakDY Once you have that keystore.jks(thats what i named it in this case) associated with the *.pem file just use the *.jks like this:
Let me know if it worked, or if I didnt understand your question.
Hello @Cdn_Euro ,
I am following your instruction and i ran zipalign -v -p 4 my-app-unsigned.apk my-app-unsigned-aligned.apk
but not get my-app-unsigned-aligned.apk .
I attached a image of Command prompt
@DeepakDY put the files (your app apk package and your jks key) in the same folder and run the command prompt from within that folder. Or use command prompt to make sure you are in the folder where the apk resides.
In command prompt type to change directory to where your apk is:
Also copy the JKS key file to that folder.
Now assuming that com.crm.office24hr.apk is your Unsigned APK (obtained just by clicking Open Folder in visual studio after creating APK)
The format is : zipalign -v -p 4 INPUT_FILENAME OUTPUT_FILENAME
Now that yhou should have your aligned apk, just sign it with the jks that should be in the same folder ( What i did is I moved the apk and the jks together somewhere else)
The format is: sign --ks NAME_OF_KEY.JKS --out OUTPUT_FILENAME INPUT_FILENAME
Great
Hello @Cdn_Euro
Thanks for supporting me
Now i am able to update my application.
I put *.apk and *.keystore file in this path "C:\Program Files (x86)\Android\android-sdk\build-tools\25.0.3"
because zipalign.exe file was here and ran this command "C:\Program Files (x86)\Android\android-sdk\build-tools\25.0.3>zipalign -v -p 4 com.crm.office24hr.apk com.crm.office24hr-aligned.apk".
and generated *-aligned.apk same folder"C:\Program Files (x86)\Android\android-sdk\build-tools\25.0.3".
then Ran this command "C:\Program Files (x86)\Android\android-sdk\build-tools\25.0.3>apksigner sign --ks keystore.jks --out com.crm.office24hr.apk com.crm.office24hr-aligned.apk" signer apk in same folder "C:\Program Files (x86)\Android\android-sdk\build-tools\25.0.3".
signer apk is final apk and update app in play store.
Thanks once again
@DeepakDy I am glad you solved it. And no problem
Hello @Cdn_Euro , please can I get your audience, I also need your assistance on this topic... I've gotten the feedback from Google support team, after the day I was given, I signed my App with the .jks I generated its .PEM for reset but I was still getting the same error that I should sign my App with the correct keystore...
Please can you help me on this, I'm stuck.
I'm using Android Studio by the way
you don't need any of these steps. just choose sign and distribute on visual studio and choose import keystore, then select your keystore.jks which you created earlier. VS will ask you to enter password you used for keystore.jks. once you enter it will be signed and ready to upload to Google Play Console